From: Jens Axboe Date: Thu, 21 Nov 2024 14:12:17 +0000 (-0700) Subject: io_uring/nop: ensure nop->fd is always initialized X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=ee116574de8415b0673c466e6cd28ba5f70c41a2;p=users%2Fdwmw2%2Flinux.git io_uring/nop: ensure nop->fd is always initialized A previous commit added file support for nop, but it only initializes nop->fd if IORING_NOP_FIXED_FILE is set. That check should be IORING_NOP_FILE. Fix up the condition in nop preparation, and initialize it to a sane value even if we're not going to be directly using it. While in there, do the same thing for the nop->buffer field. Reported-by: syzbot+9a8500a45c2cabdf9577@syzkaller.appspotmail.com Fixes: a85f31052bce ("io_uring/nop: add support for testing registered files and buffers") Signed-off-by: Jens Axboe --- diff --git a/io_uring/nop.c b/io_uring/nop.c index 6d470d4251eef..5e5196df650a1 100644 --- a/io_uring/nop.c +++ b/io_uring/nop.c @@ -35,10 +35,14 @@ int io_nop_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) nop->result = READ_ONCE(sqe->len); else nop->result = 0; - if (nop->flags & IORING_NOP_FIXED_FILE) + if (nop->flags & IORING_NOP_FILE) nop->fd = READ_ONCE(sqe->fd); + else + nop->fd = -1; if (nop->flags & IORING_NOP_FIXED_BUFFER) nop->buffer = READ_ONCE(sqe->buf_index); + else + nop->buffer = -1; return 0; }
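Review bot: the two new else branches in io_nop_prep() assign a bare -1 to nop->fd and nop->buffer without saying what that value means to the code that later consumes them. A one-line comment such as "-1: not supplied by the SQE, only valid when the matching IORING_NOP_* flag is set" would make it explicit that consumers must gate on nop->flags and not on the field value. The hunk does not show the struct declaration, so please confirm that nop->buffer is a signed type: it is otherwise filled from sqe->buf_index, and if the field is unsigned the -1 wraps to the largest index instead of an obviously invalid one. The flag change from IORING_NOP_FIXED_FILE to IORING_NOP_FILE matches the commit message, and it means sqe->fd is now read for both normal and fixed files, which is worth stating in the message since the syzbot report is the only description of the failure.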